Shiny-proxy in iframe - Adding CSP does not solve chrome blocking it - r

I have a shiny application running with shiny-proxy and I want to embed this application within another hub application.
I configured the application.yml in shiny-proxy to:
frame-options: allow-from http://127.0.0.1:5501
Content-Security-Policy: frame-ancestors 'self' http://127.0.0.1:5501
The allow from directive is deprecated in chrome and safari and therefore, I used it, as suggested by many StackOverflow answers, I used the Content-Security-Policy option. However, this has not resolved the issue yet.
Chrome is still blocking it:
proxy:
default-webSocket-reconnection-mode: Auto
same-site-cookie: None
# stop-proxies-on-shutdown: false
# recover-running-proxies: true
# recover-running-proxies-from-different-config: true
title: Open Analytics Shiny Proxy
logo-url: https://www.openanalytics.eu/shinyproxy/logo.png
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: -1
heartbeat-enabled: false
container-wait-time: 20000
servlet.session.timeout: 100000
container-log-path: /var/log/shinyproxy/container-logs
port: 8080
authentication: simple
admin-groups: admin
users:
- name: frank
password: password
groups: scientists
# Docker configuration
# container-backend: docker
container-backend: docker
docker:
cert-path: /home/none
url: http://127.0.0.1:2375
port-range-start: 20000
specs:
- id: something
...
logging:
file:
name: /var/log/shinyproxy/shinyproxy.log
# level:
# root: DEBUG
server:
frame-options: allow-from http://127.0.0.1:5501
Content-Security-Policy: frame-ancestors 'self' http://127.0.0.1:5501
secure-cookies: true

Making everything HTTPS solved it.

Related

Kong route and upstream server path

I have the following configuration of service with route in Kong:
- name: test
host: test-service
port: 80
protocol: http
path: /endpoint/
routes:
- name: test_route
strip_path: true
preserve_host: true
paths:
- /login
I am trying to understand the following behaviour:
when I access http://localhost/login, I will end up with the http://localhost/endpoint in my browser
however, when I try to access http://localhost/login/test/page, nothing will change and I am still in my browser on http://localhost/login/test/page and the upstream server served my request properly
My expectation was that using http://localhost/login/test/page, my browser will have eventually http://localhost/endpoint/test/page. Apparently I misunderstood it.
I understood that in this case, Kong will use the upstream path as /endpoint/test/page, because I have strip_path: true.
However, how it can be changed in case I want to end up with http://localhost/endpoint/test/page in case I will access http://localhost/login/test/page in my browser?

Problems getting Symfony to work locally with the `host: "web.{domain}"` setting

I am trying to get an old project (not made by me) up and running, and I see that the routes are configured in some peculiar format. This is a typical route config:
customer_home:
path: /customer
host: "web.{domain}"
defaults:
_controller: "BackendBundle:Customer:index"
domain: "%domain%"
methods: [get]
options:
expose: true
requirements:
domain: '%domain%'
Now, I grepped the source code and found domain in the config files. It was null by default and by setting it to localhost:8000 I was able to at least load the root without complaints about %domain%. Now it complains about not finding a matching route, which makes sense, as none was configured. What was configured (which I found by doing console debug:router) was a root route for admin.{domain} and web.{domain}. I assume this means that if the domain is myapp.com, there should be routes configured for admin.myapp.com/ and web.myapp.com.
This is a local development setup, running on 127.0.0.1:8000, so I tried adding this to /etc/hosts:
127.0.0.1 web.localhost admin.localhost
I was now hoping that going to web.localhost:8000 would load a route, but none was matched. I still get NotFoundHttpException, but now I no longer understand why ... How can I configure this setup so that I can load the web and admin subdomains on my development machine? Other routes, like /api/1/doc, works fine.
I was not far off. The answer was to simply drop the port portion of what I had entered as the domain setting. So domain: localhost did the trick. The server is by default running on port 8000, no matter the setting, so it was not needed. I can now access web.localhost and admin.localhost (after adding them as host aliases for the loopback device in /etc/hosts).

Azure Form Recognizer Label Tool Docker: Missing EULA=accept command line option. You must provide this to continue

I am trying to run the Azure Forms Recognizer Label Tool in Azure Container instance.
I have followed the instructions given in here.
I was able to deploy the container image but when I try to start it, it terminates with the following message:
Missing EULA=accept command line option. You must provide this to continue.
This quite surprising, because this option has been specified in my YAML file (see below).
What can I do to fix this?
My YAML file:
apiVersion: 2018-10-01
location: West Europe
name: renecognitiveservice
imageRegistryCredentials: # This is required when pulling a non-public image
- server: mcr.microsoft.com
username: xxx
password: xxx
properties:
containers:
- name: xxxeamlabelingtool
properties:
image: mcr.microsoft.com/azure-cognitive-services/custom-form/labeltool
environmentVariables: # These env vars are required
- name: eula
value: accept
- name: billing
value: https://rk-formsrecognizer.cognitiveservices.azure.com/
- name: apikey
value: xxx
resources:
requests:
cpu: 2 # Always refer to recommended minimal resources
memoryInGb: 4 # Always refer to recommended minimal resources
ports:
- port: 5000
osType: Linux
restartPolicy: OnFailure
ipAddress:
type: Public
ports:
- protocol: tcp
port: 5000
tags: null
type: Microsoft.ContainerInstance/containerGroups
Apparently you can run it with command:
"command": [
"./run.sh", "eula=accept"
],
Worked from the portal
https://github.com/MicrosoftDocs/azure-docs/issues/46623
This is what you want to add in the Azure portal while creating the container instance.
You will find this in the "Advanced" tab.
Afterwards you can access the IP address of that instance to open the label-tool.
"./run.sh", "eula=accept"

Setting up Traefik with LE integration - error too many redirects / 302

I've been following the examples for Traefik and LE integration and those on SmartHomeBeginner, though I've been unable to get Traefik to work on the subdomain over https. I can see the backend on the IP address with the port number but that's not ideal.
When I view the HTTPS page in the browser I keep getting ERR_TOO_MANY_REDIRECTS and I've confirmed the fail in Linux doing a simple wget and I get a 302 error and major fail after 20 redirects.
I can't see where I'm going wrong...
####### Docker Compose ##########
version: "3.6"
services:
traefik:
image: traefik:1.7.4
container_name: traefik
command: --api --docker
restart: always
ports:
- 80:80
- 443:443
environment:
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
networks:
- traefik_proxy
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:traefik.${DOMAINNAME}"
- "traefik.port=8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/docker/traefik/traefik.toml:/traefik.toml
- ${USERDIR}/docker/traefik/acme/acme.json:/acme.json
- ${USERDIR}/docker/shared:/shared
###### traefik.toml ######
logLevel = "DEBUG" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
[acme]
email = "email"
storage = "/acme.json"
entryPoint = "https"
# remove below line when happy its all working fine - dev LE certs
caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
#create certificate when container is created
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 0
[[acme.domains]]
main = "xxxx.com"
[[acme.domains]]
main = "*.xxxx.com"
Thanks in advance.
I've managed to work out what I was missing, the traefik.toml and docker-compose file were both ok, the only issue was that Cloudflare was set to 'Flexible' but must be set as 'Off' as am trying to utilise the LE certs instead, this then worked. See link for reference: s3 and cloudflare flexible ssl handshakes

Unrecognized options "scheme, cluster, url" under "lopi_pusher"

I'm using LopiPusherBundle for Getting following error while clearing the cache in symfony 2.7.26
[Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
Unrecognized options "scheme, cluster, url" under "lopi_pusher"
# app/config/config.yml
lopi_pusher:
scheme: http
host: api.pusherapp.com
port: 80
cluster: ap2
timeout: 30
debug: false
app_id: <app_id>
key: <key>
secret: <secret>
url: <scheme>://<key>:<secret>#<host>[:<port>]/apps/<app-id>
auth_service_id: my_channel_authenticator
Your installed version is smaller than 1.3 and these options are not available.
You can see this here https://github.com/laupiFrpar/LopiPusherBundle/blob/1.2.9/DependencyInjection/Configuration.php
Check your composer.json and make sure the correct version is there
You can just use
"laupifrpar/pusher-bundle": "*"
Dont forget to update your dependency after modifying composer.json using
composer update "laupifrpar/pusher-bundle"

Resources